b86116ee38
Creating and updating a shared policy is forbidden for non admin user. This patch makes sure the 'shared' attribute is disabled, and not added to the request body of the update request, so the request will not fail in neutron. Change-Id: Icefd45cac7ba990a3c6d76f40476d2eb3ccf4487
37 lines
1.5 KiB
JSON
37 lines
1.5 KiB
JSON
{
|
|
"context_is_admin": "role:admin",
|
|
"owner": "tenant_id:%(tenant_id)s",
|
|
"admin_or_owner": "rule:context_is_admin or rule:owner",
|
|
"admin_only": "rule:context_is_admin",
|
|
"shared_firewalls": "field:firewalls:shared=True",
|
|
"shared_firewall_policies": "field:firewall_policies:shared=True",
|
|
"default": "rule:admin_or_owner",
|
|
|
|
"create_firewall": "",
|
|
"get_firewall": "rule:admin_or_owner",
|
|
"create_firewall:shared": "rule:admin_only",
|
|
"get_firewall:shared": "rule:admin_only",
|
|
"update_firewall": "rule:admin_or_owner",
|
|
"update_firewall:shared": "rule:admin_only",
|
|
"delete_firewall": "rule:admin_or_owner",
|
|
|
|
"create_firewall_policy": "",
|
|
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
|
|
"update_firewall_policy": "rule:admin_or_owner",
|
|
"delete_firewall_policy": "rule:admin_or_owner",
|
|
"create_firewall_policy:shared": "rule:admin_only",
|
|
"update_firewall_policy:shared": "rule:admin_only",
|
|
"delete_firewall_policy:shared": "rule:admin_only",
|
|
|
|
"insert_rule": "rule:admin_or_owner",
|
|
"remove_rule": "rule:admin_or_owner",
|
|
|
|
"create_firewall_rule": "",
|
|
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
|
|
"update_firewall_rule": "rule:admin_or_owner",
|
|
"delete_firewall_rule": "rule:admin_or_owner",
|
|
"create_firewall_rule:shared": "rule:admin_only",
|
|
"update_firewall_rule:shared": "rule:admin_only",
|
|
"delete_firewall_rule:shared": "rule:admin_only"
|
|
}
|